negative_captcha 0.3 → 0.3.1

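--- a/data/README.markdown
+++ b/data/README.markdown
@@ -73,6 +73,15 @@ Modify your POST action(s) to check for the validity of the negative captcha for
  render :action => 'new'
  end
  end
+ ### Automated tests
+
+ To make all field ids and names predictable for tests,
+ simply add the following line in config/environments/test.rb
+
+ NegativeCaptcha.test_mode = true
+
+ This will ensure that a field named email will not generate a hash but a field name test-email instead.
+ A tool like cucumber can now bypass this security while still going through the captcha workflow.
 
  ### Form Example
 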
@@ -10,6 +10,11 @@ class NegativeCaptcha
10
10
  :timestamp,
11
11
  :error
12
12
 
13
+ @@test_mode = false
14
+ def self.test_mode=(value)
15
+ class_variable_set(:@@test_mode, value)
16
+ end
17
+
13
18
  def initialize(opts)
14
19
  self.secret = opts[:secret] ||
15
20
  Digest::MD5.hexdigest("this_is_a_secret_key")
@@ -30,7 +35,7 @@ This usually happens because an automated script attempted to submit this form.
30
35
  MESSAGE
31
36
 
32
37
  self.fields = opts[:fields].inject({}) do |hash, field_name|
33
- hash[field_name] = Digest::MD5.hexdigest(
38
+ hash[field_name] = @@test_mode ? "test-#{field_name}" : Digest::MD5.hexdigest(
34
39
  [field_name, spinner, secret].join('-')
35
40
  )
36
41
 
@@ -60,7 +65,7 @@ This usually happens because an automated script attempted to submit this form.
60
65
  self.error = "Error: Invalid timestamp. #{message}"
61
66
  elsif params[:spinner] != spinner
62
67
  self.error = "Error: Invalid spinner. #{message}"
63
- elsif fields.keys.detect {|name| params[name] && params[name].length > 0}
68
+ elsif fields.keys.detect {|name| params[name] && params[name] =~ /\S/}
64
69
  self.error = <<-ERROR
65
70
  Error: Hidden form fields were submitted that should not have been. #{message}
66
71
  ERROR
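Review bot: The rewritten honeypot test on the `elsif fields.keys.detect` line only recognises String values, so a honeypot parameter that arrives as an Array or Hash no longer counts as filled, whereas the old `.length > 0` check flagged any non-empty value. Assuming `params` is the Rails request hash, which can carry nested values, coerce before matching: `elsif fields.keys.detect {|name| params[name].to_s =~ /\S/}`. Separately, the `test_mode=` setter added in the first hunk of this class is a process-wide switch with nothing tying it to the test environment. A comment above it would make that constraint visible, for example `# Test-only: swaps hashed field names for "test-<name>"; never enable outside the test environment`. The validation method starts and ends outside the hunk.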
@@ -36,9 +36,9 @@ module ActionView
36
36
  negative_captcha.values[field],
37
37
  options
38
38
  ) +
39
- "<div style='position: absolute; left: -2000px;'>" +
40
- hidden_field_tag(field, '', :tabindex => '999') +
41
- "</div>".html_safe
39
+ content_tag('div', :style => 'position: absolute; left: -2000px;') do
40
+ hidden_field_tag(field, '', :tabindex => '999')
41
+ end.html_safe
42
42
  end
43
43
 
44
44
  def negative_password_field_tag(negative_captcha, field, options={})
@@ -47,9 +47,9 @@ module ActionView
47
47
  negative_captcha.values[field],
48
48
  options
49
49
  ) +
50
- "<div style='position: absolute; left: -2000px;'>" +
51
- password_field_tag(field, '', :tabindex => '999') +
52
- "</div>".html_safe
50
+ content_tag('div', :style => 'position: absolute; left: -2000px;') do
51
+ password_field_tag(field, '', :tabindex => '999')
52
+ end.html_safe
53
53
  end
54
54
 
55
55
  def negative_label_tag(negative_captcha, field, name, options={})
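Review bot: The trailing `.html_safe` on `end.html_safe` looks redundant in both hunks of this file (the `hidden_field_tag` block and the `password_field_tag` block). On Rails versions where `content_tag` returns an `ActiveSupport::SafeBuffer`, the block form already produces safe markup and escapes any unsafe string the block returns. Ending the expression with a plain `end` avoids suggesting that manual safe-marking is needed here, and keeps `html_safe` calls limited to places that warrant review. Both helper methods start outside their hunks, so this is judged from the visible lines only.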
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: negative_captcha
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.3'
4
+ version: 0.3.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-06-01 00:00:00.000000000 Z
12
+ date: 2012-11-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: actionpack